

My computer is infected with some strange spyware or virus


#1 Guest_TuQuy_*

  • Guests

Posted 22 October 2005 - 04:34 PM

My computer currently shows the following symptoms:
1. When I type the web address www.vnn.vn (vietnamnet) into the browser, it automatically redirects to an "uninvited" website: http://thanhvan.org, so I cannot get to the vietnamnet site at all. Also, the title bar of every web page, which used to show "Internet Explorer", now says "Welcome to thanhvan.org Website". I have used many programs to remove it, but without result.
2. Now every time I log in to Yahoo Messenger it exits immediately, so I cannot chat. Also, whenever I download the Messenger software from www.yahoo.com, all I get is the smiley (icon) file named msgr from Messenger, so I cannot reinstall it.

I really hope you all can help me fix the problems above. I am attaching the HijackThis log I just scanned so you can diagnose my poor computer more easily.

Sincerely, thank you.

Signed,

Someone Not Very Good With Computers

Logfile of HijackThis v1.99.1
Scan saved at 1:47:20 AM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\sccvhost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\nien- nhac\Bkav2005\Bkav2005.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\syshost.exe
C:\UniKey36\UniKey\UniKey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\SPA38HYN\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://thanhvan.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WELCOME TO thanhvan.org WEBSITE !
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 82.165.243.204 vnexpress.net
O1 - Hosts: 82.165.243.204 vietnamnet.vn
O1 - Hosts: 82.165.243.204 dantri.com.vn
O1 - Hosts: 82.165.243.204 ttvnol.com
O1 - Hosts: 82.165.243.204 vn99.net
O1 - Hosts: 82.165.243.204 tialia.com
O1 - Hosts: 82.165.243.204 hoabuom.com
O1 - Hosts: 82.165.243.204 vn-n.com
O1 - Hosts: 82.165.243.204 songdong.net
O1 - Hosts: 82.165.243.204 www.ttvnol.com
O1 - Hosts: 82.165.243.204 www.vnn.vn
O1 - Hosts: 82.165.243.204 tinhdonphuong.com
O1 - Hosts: 82.165.243.204 www.vietnamnet.vn
O1 - Hosts: 82.165.243.204 www.vn-n.com
O1 - Hosts: 82.165.243.204 www.nhactinhyeu.com
O1 - Hosts: 82.165.243.204 nhactinhyeu.com
O1 - Hosts: 82.165.243.204 thanhvan.org
O1 - Hosts: 82.165.243.204 socolamusic.com
O1 - Hosts: 82.165.243.204 www.socolamusic.com
O1 - Hosts: 82.165.243.204 www.traitimmuathu.biz
O1 - Hosts: 82.165.243.204 traitimmuathu.biz
O1 - Hosts: 82.165.243.204 www.nghenhacfc.net
O1 - Hosts: 82.165.243.204 nghenhacfc.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BkavFw] E:\nien- nhac\Bkav2005\Bkav2005.exe TASKBAR
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] sccvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] sccvhost.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] sccvhost.exe
O4 - HKCU\..\Run: [UniKey] C:\UniKey36\UniKey\UniKey.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [Microsoft Windows Update] sccvhost.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [System32] C:\WINDOWS\system32\Sysrem.js
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://thanhvan.org
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] sccvhost.exe
O4 - HKCU\..\RunOnce: [Windows] C:\WINDOWS\system32\Sysrem.js
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: palstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127503073008
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128533939814
O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
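As an added defender-side example (not code from this thread and not a HijackThis feature), the following Python script parses lines in the HijackThis log format shown above and flags the indicators visible in this log: many unrelated domains mapped to one address in the hosts file (O1), Run/RunServices entries whose command is a bare executable name, a script file, or a URL (O4), Internet Explorer settings (R0/R1) that reference one of the redirected hosts, and O7 policy lines that disable administrative tools. The sample input is a constructed subset of lines copied from the posted log; the thresholds and flagging rules are this example's own assumptions.

```python
"""Triage helpers for HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://thanhvan.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WELCOME TO thanhvan.org WEBSITE !
O1 - Hosts: 82.165.243.204 vnexpress.net
O1 - Hosts: 82.165.243.204 www.vnn.vn
O1 - Hosts: 82.165.243.204 thanhvan.org
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] sccvhost.exe
O4 - HKCU\..\Run: [System32] C:\WINDOWS\system32\Sysrem.js
O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE http://thanhvan.org
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<host>\S+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run(?:Services|Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
SCRIPT_EXT = (".js", ".vbs", ".bat", ".cmd")


def parse_hjt(text):
    """Return (section code, body) pairs for every 'Rn/Fn/On - ...' line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def hosts_clusters(entries, min_hosts=3):
    """Group O1 hosts-file overrides by target IP; many domains on one
    address is the redirect pattern behind the www.vnn.vn symptom."""
    by_ip = defaultdict(list)
    for code, body in entries:
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m:
                by_ip[m.group("ip")].append(m.group("host"))
    return {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= min_hosts}


def suspicious_run_entries(entries):
    """Flag O4 autostart entries; returns (hive, key, name, command, reasons)."""
    flagged = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue
        cmd = m.group("cmd")
        exe = cmd.split()[0].strip('"') if cmd.split() else ""
        reasons = []
        if "\\" not in exe and ":" not in exe:
            # Installers normally register a full path; a bare name is resolved
            # via the search path and hides where the file actually lives.
            reasons.append("bare filename, no path")
        if exe.lower().endswith(SCRIPT_EXT):
            reasons.append("script file run at logon")
        if "http://" in cmd.lower() or "https://" in cmd.lower():
            reasons.append("opens a URL at logon")
        if reasons:
            flagged.append((m.group("hive"), m.group("key"), m.group("name"), cmd, reasons))
    return flagged


def ie_settings_referencing(entries, hosts):
    """Return R0/R1 Internet Explorer settings that mention a redirected host."""
    hits = []
    lowered = [h.lower() for h in hosts]
    for code, body in entries:
        if code in ("R0", "R1"):
            for h in lowered:
                if h in body.lower():
                    hits.append((body, h))
                    break
    return hits


def lockdown_policies(entries):
    """Return O7 policy lines that switch a restriction on (e.g. DisableRegedit=1)."""
    return [body for code, body in entries if code == "O7" and "=1" in body]


def triage(text):
    """Run all checks over one log and collect the findings by category."""
    entries = parse_hjt(text)
    clusters = hosts_clusters(entries)
    redirected = [h for hosts in clusters.values() for h in hosts]
    return {
        "hosts_clusters": clusters,
        "run_entries": suspicious_run_entries(entries),
        "ie_settings": ie_settings_referencing(entries, redirected),
        "policies": lockdown_policies(entries),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(section)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("   ", item)
```

Run against the full log from the post, the hosts check reports 82.165.243.204 with all 23 overridden names, which explains why both www.vnn.vn and thanhvan.org resolve to the same server; the O4 check singles out the entries with Microsoft-sounding names and no path, the `Sysrem.js` script and the logon-time `IEXPLORE.EXE http://thanhvan.org` launch, and the O7 check surfaces the policy that disables the Registry Editor. The heuristics are deliberately simple and produce leads for manual review, not verdicts.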

#2 minhtuanqs

    Advanced Member

  • Member
  • 1,124 posts

Posted 24 October 2005 - 02:04 AM

Just by looking you can tell your machine is running very sluggishly.
Delete the following files:

Quote

C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\sccvhost.exe

C:\WINDOWS\System32\syshost.exe

C:\WINDOWS\System32\wuauclt.exe
Start HijackThis and FIX CHECKED
the following keys:

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <http://thanhvan.org>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html <http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://www.yahoo.com/>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html <http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <http://www.yahoo.com/>
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com <http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WELCOME TO thanhvan.org WEBSITE !

Quote

O1 - Hosts: 82.165.243.204 www.vnn.vn

and this one too:

Quote

O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE <http://thanhvan.org>

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <http://go.microsoft.com/fwlink/?linkid=39204>
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab <http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab>
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127503073008 <http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127503073008>
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128533939814 <http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128533939814>

